906 BigIron RX Series Configuration Guide53-1001986-01Configuring SSH30• Van Dyke SecureCRT 4.0 and 4.1• F-Secure SSH Client 5.3 and 6.0• PuTTY 0.54 and 0.56• OpenSSH 3.5_p1 and 3.6.1p2• Solaris Sun-SSH-1.0Supported featuresThe SSH server allows secure remote access management functions on a device. SSH provides afunction that is similar to Telnet, but unlike Telnet, SSH provides a secure, encrypted connection.SSHv2 support includes the following:• The following encryption cipher algorithm are supported. They are listed in order of preference:• aes256-cbc: AES in CBC mode with 256-bit key• aes192-cbc: AES in CBC mode with 192-bit key• aes128-cbc: AES in CBC mode with 128-bit key• 3des-cbc: Triple-DES• Key exchange methods, in the order of preference are:• diffie-hellman-group1-sha1• diffie-hellman-group14-sha1• Public key algorithm is ssh-dss.• Data integrity is ensured with hmac-sha1 algorithm.• Supported authentication methods are Password and publickey.• Compression is not supported.• TCP/IP port forwarding, X11 forwarding, and secure file transfer are not supported.• SSH version 1 is not supported.• SCP supports AES encryptionConfiguring SSHBrocade’s implementation of SSH supports two kinds of user authentication:• DSA challenge-response authentication, where a collection of public keys are stored on thedevice. Only clients with a private key that corresponds to one of the stored public keys cangain access to the device using SSH.• Password authentication, where users attempting to gain access to the device using an SSHclient are authenticated with passwords stored on the device or on a TACACS, TACACS+ orRADIUS serverBoth kinds of user authentication are enabled by default. You can configure the device to use oneor both of them.To configure Secure Shell on a device, do the following.